Evela

Privacy Policy

Last updated: 11 July 2026

Evela is a personal finance app that helps you track your money by hand or by voice. Your data stays yours — we never connect to your bank, and we collect as little as possible. This policy explains what we collect, why, where it lives, and how you stay in control.

Contents

  1. Who we are
  2. What we collect
  3. How we use it
  4. Voice & AI features
  5. Who we share with
  6. Where data is stored
  7. How long we keep it
  8. Your rights & choices
  9. Deleting your account
  10. Security
  11. Children
  12. Changes
  13. Contact

1. Who we are

“Evela” (“we”, “us”, “our”) provides the Evela mobile app and the website at evela.ai. If you have any question about this policy or your data, email us at hello@evela.ai.

Evela is manual-first: you enter your finances yourself, by typing or by voice. We do not link to your bank accounts, cards, or any open-banking service, so we never see your real bank logins, statements, or card numbers.

2. What we collect

Account & identity

You sign in with Google or Apple. We do not run passwords of our own. From your sign-in we receive and store your email address and a provider user ID. (If you use “Sign in with Apple” and choose to hide your email, we only ever see Apple’s private relay address.) Authentication is handled by our infrastructure provider, Supabase.

Financial information you enter

This is the core content of the app, all entered by you:

Balances are calculated on the fly and are not stored as such. We do not receive any of this from third parties — it only exists because you typed or dictated it.

Profile settings

A minimal profile: your base/display currency and whether you finished onboarding. We do not collect your name, photo, phone number, postal address, or date of birth.

Voice recordings (only if you use voice entry)

When you tap to add an entry by voice, the app records a short audio clip and sends it to our server, which forwards it to our speech-to-text provider for transcription. The audio is used only for that transcription and is then deleted — we do not store your voice recordings.

Usage analytics

We collect anonymous product-usage events — which screens you open, which actions you take, counts, and coarse buckets — to understand how the app is used and improve it. These events never include your amounts, notes, account names, or identity, and are not linked to your account. You can turn analytics off at any time in Settings.

Diagnostics & crash reports

If the app or our server hits an error, a diagnostic report (such as a stack trace) is sent to our error-monitoring provider so we can fix it. Personal and financial fields are stripped out before sending, and reports are not tied to your identity.

Subscription data

If you buy a subscription, the purchase is processed by the app store (Apple or Google) and our subscriptions provider, RevenueCat. We receive only whether a subscription (entitlement) is active — never your card details. We never see or store payment card numbers.

On-device security data

A database encryption key, your session tokens, and — if you set one — your app-lock PIN (stored only as a salted, hashed value) are kept in your device’s secure store (iOS Keychain / Android Keystore). These stay on your device and are not sent to us.

3. How we use your data

We do not sell your personal data, and we do not use your financial data for advertising.

4. Voice & AI features

Some features use automated processing to save you time:

We do not store the text you send or the AI’s response. Only technical usage metadata (for example, token counts and cost, linked to your account for quota purposes) is logged — never the content of your entries.

You’re always in control. The AI only proposes a draft that you review and confirm — nothing is saved automatically. AI-generated text is informational only and is not financial, investment, tax, or legal advice. It may be inaccurate; decisions are yours.

5. Who we share data with

We don’t sell your data. We use a small set of service providers (“sub-processors”) to run Evela. Each only receives what it needs for its job:

ProviderPurposeWhat it processes
SupabaseSign-in & cloud databaseYour email & provider ID; your financial data
PowerSyncSync between your device & the cloudA mirror of your app data
RailwayHosts our backend serverPasses data through to the services below
Google & AppleSign-in providersProvide us your email & a user ID
DeepgramSpeech-to-textYour voice clip (transiently, then deleted)
DeepInfra (Qwen)AI parsing & categorizationThe text of your entry (transiently)
AnthropicAI fallback providerSame as above, only if the primary is down
PostHogProduct analyticsAnonymous usage events (no identity, no amounts)
SentryError & crash monitoringDiagnostics with personal fields scrubbed
RevenueCat + app storesSubscriptionsPurchase / entitlement status

We may also disclose information if required by law, or to protect the rights, safety, or property of our users or Evela.

Currency exchange rates shown in the app come from a public rates service and involve no personal data.

6. Where your data is stored

Your account and financial data are stored in our cloud database (Supabase) in the European Union (Frankfurt, Germany). Our backend server (Railway) runs in the EU (Amsterdam, Netherlands), and error diagnostics (Sentry) are stored in the EU (Germany). Anonymous product analytics (PostHog) are processed in the United States. Our AI and speech providers process your entries transiently on their infrastructure, which may be in the United States or other countries.

This means your data may be processed in countries other than the one you live in. Wherever it goes, it is protected by the security measures described in this policy and by our agreements with each provider.

7. How long we keep your data

8. Your rights & choices

Depending on where you live (for example, under the EU/UK GDPR or similar laws), you may also have the right to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain processing. To exercise any of these, email hello@evela.ai and we’ll help. You also have the right to complain to your local data-protection authority.

9. Deleting your account

You can permanently delete your account and data yourself: open Settings → Delete account and data and confirm. This cannot be undone. It removes your accounts, transactions, categories, tags, reconciliation entries, profile, subscription records, and AI usage logs from our live database, and clears all Evela data from your device. As noted above, residual copies may remain in encrypted backups for a short period before expiring. Shared reference data that isn’t personal to you (such as public currency rates) is not affected.

10. Security

No system is perfectly secure, but we work to protect your data using industry-standard measures.

11. Children

Evela is not directed to children and is intended for adults. You must be at least 18 years old (or the age of majority where you live) to use Evela. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact hello@evela.ai and we will delete it.

12. Changes to this policy

We may update this policy from time to time. When we do, we’ll change the “Last updated” date above, and for significant changes we’ll let you know in the app. Continued use of Evela after an update means you accept the revised policy.

13. Contact us

Questions, requests, or concerns about your privacy? Email hello@evela.ai.